Palo Alto Networks XSOAR Engineer PDF Questions

1 / 6 Palo Alto XSOAR-Engineer Exam Palo Alto Networks XSOAR Engineer https://www.passquestion.com/xsoar-engineer.html 35% OFF on All, Including XSOAR-Engineer Questions and Answers P ass XSOAR-Engineer Exam with PassQuestion XSOAR-Engineer questions and answers in the first attempt. https://www.passquestion.com/ 2 / 6 1.Which two advanced attributes can be applied to incident fields when editing? (Choose two.) A. Set a field trigger script B. Associate to an incident type C. Change field type D. Change field name Answer: AB Explanation: Reference: https://docs.servicenow.com/bundle/quebec-it-service-management/page/product/incident-management/ reference/incident-management-properties.html 2.Given an incident with three files, how could the name of the second file be referenced? A. ${Files.[2].Name} B. ${Files.Name.[2]} C. ${File.[1].Name} D. ${File.Name.[1]} Answer: D 3.Which component can be part of a load balancing group? A. Distributed database B. D2 agent C. Engine D. Load balancing server Answer: C Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/engines/understand-demi sto-engines.html 4.Which method accesses a field called ‘ User Mail ’ in a playbook? A. ${incident.usermail} B. ${incident.User Mail} C. ${incident.UserMail} D. ${usermail} Answer: A 5.A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement? A. Manually share the dashboard through user emails B. Dashboard is shared to all XSOAR users C. Propagate the dashboard based on SAML authentication D. Dashboard is shared to all XSOAR users in a selected role Answer: D Explanation: 3 / 6 Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/dashboards/share-a-dash board.html 6.Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.) A. setFields B. Field mapping C. setIncident D. Layout inline editing Answer: BC 7.DRAG DROP Match the action with the most appropriate playbook task type. Answer: 4 / 6 Explanation: https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html 8.Which built-in automation/command cab be used to change an incident ’ s type? A. setIncident B. Set C. GetFieldsByIncidentType D. modifyIncidentFields Answer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/incidents/incidents-manag ement/incident-fields/field-trigger-scripts.html 9.An engineer notices that playbooks only start once the user clicks the ‘ investigate ’ button and he/she would like the playbook to start automatically. How can this be implemented? A. Add the playbook to the integration ’ s settings B. Select ‘ Run playbook automatically ’ from the incident type settings C. Add the !startinvestigation automation to the beginning of the playbook D. Select ‘ Run playbook automatically ’ from the integration settings Answer: B 10.Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.) A. The ’ Fetches Incidents ’ option may not have been enabled B. There are no new events from the external service C. The first fetch should be manually triggered to start the fetching process 5 / 6 D. It can take up to 1-hour before incidents are initially fetched Answer: AB 11.Which two capabilities do Automation script settings include? (Choose two.) A. Define ‘ parameters ’ B. Correlate to incident types C. Define ‘ outputs ’ D. Set password protection Answer: CD 12.DRAG DROP Match the appropriate action to the layout type. Answer: 6 / 6 13.What is a primary use case of data collection tasks? A. To allow multi-QUESTIO N NO: surveys without authentication restrictions B. To automate tasks such as parsing a file or enriching indicators C. To generate new widgets for a dashboard D. To determine different paths in a playbook Answer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-tasks/ communication-tasks/create-a-data-collection-task.html 14.In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.) A. The audit log B. The log bundle C. The source code for an integration D. The error message returned directly below the button E. The playground war room Answer: BCD